Guus Sliepen
4dee76522e
Small fixes:
- Fix compiler warnings (one was a real (but harmless) bug)
- Don't send PING packets if there is UDP traffic
- Correctly terminate strings containing salt for PING/PONG packets
2001-05-25 08:36:11 +00:00
Guus Sliepen
bfc5d6014e
Only send key_changed if it was previously requested.
2001-05-24 21:52:26 +00:00
Guus Sliepen
d1b597758e
Add randomness to PING/PONG packets to prevent crypto attacks on quiet
tunnels.
2001-05-24 21:29:09 +00:00
Guus Sliepen
e4f3d93ec6
- s/ip_t/ipv4_t/g
- Add "salt" to the beginning of UDP packets. Replaces length field which
is not useful anyway.
2001-05-07 19:08:46 +00:00
Guus Sliepen
156ec67652
Check indirectdata option before forwarding certain requests.
2001-03-13 21:33:31 +00:00
Guus Sliepen
34f9e6cf2d
- route.c is now used to determine destination
- flags are removed, since they were not used at all. Use options instead.
- indirectdata works now, tcponly almost...
- made functions that don't return useful information void
2001-03-04 13:59:32 +00:00
Guus Sliepen
d2a54597e0
Added explanation of our key exchange using RSA encryption.
2001-03-02 11:25:56 +00:00
Guus Sliepen
4fa12eb85d
Removed lots of compiler warnings.
2001-02-27 16:37:31 +00:00
Guus Sliepen
34b7a876c3
- Make sure METAKEY is smaller than the modulus of the RSA key
- Get symmetric key from the least significant bytes of the RSA message
2001-02-26 11:37:20 +00:00
Guus Sliepen
82455be966
Implemented new authentication scheme from doc/SECURITY2.
2001-02-25 19:09:45 +00:00
Guus Sliepen
54881faf6f
Encrypt network packets in CBC mode instead of CFB mode.
(This breaks compatibility with all previous versions!)
2001-02-25 16:34:19 +00:00
Guus Sliepen
153fc35e57
Corrected check for errors after read() calls.
2001-02-25 11:09:29 +00:00
Guus Sliepen
f1cb3d8fa5
Removed another local definition of the variable "errno"
2001-02-06 10:42:27 +00:00
Guus Sliepen
f777c1807d
FreeBSD compile fixes (thanks to XeF4)
2001-02-06 10:12:51 +00:00
Guus Sliepen
11f3e9d138
- Squashed another nasty bug.
2001-01-08 20:35:30 +00:00
Guus Sliepen
447a43d639
- Added indirectdata and tcponly functionality.
2001-01-07 20:19:35 +00:00
Guus Sliepen
d3f889c807
- It's 2001, all copyright notices are updated.
2001-01-07 17:09:07 +00:00
Guus Sliepen
07a08f5539
- Reinstated a queue for outgoing packets.
2001-01-07 15:25:49 +00:00
Guus Sliepen
f7bb205022
- Check and follow symlinks in is_safe_path
- By default write keys to tinc config directory
- Small fix in protocol.c
2001-01-06 18:03:41 +00:00
Guus Sliepen
e924096f62
- Let user choose whether keys are in the config files or separate
- Use AVL trees instead of RBL trees
- Fixed a lot of annoying subtle bugs! Thanks to gdb...
2001-01-05 23:53:53 +00:00
Guus Sliepen
e1707f7739
- Don't even think about using sscanf with %as anymore
- Allow keys to be inside the config files or in a separate file
- Small fixes
2000-12-22 21:34:24 +00:00
Ivo Timmermans
6327f32f43
Tiny bits of code beautifying
2000-12-05 08:59:30 +00:00
Ivo Timmermans
a0f7af3ed7
New function read_rsa_public_key();
In net.c/setup_myself deleted old code to read the public key (which
is now implicitly read in together with the private key).
2000-11-30 23:18:21 +00:00
Guus Sliepen
1eedf54681
- Use only one socket for all UDP traffic (for compatibility)
- Write pidfile again after detaching
- Check OS (for handling FreeBSD/Solaris tun/tap stuff)
2000-11-25 13:33:33 +00:00
Guus Sliepen
6f373e6902
- More porting to FreeBSD and Solaris.
2000-11-22 22:05:37 +00:00
Guus Sliepen
5971e352da
- Work with the correct key buffer in ans_key_h
2000-11-22 20:25:27 +00:00
Guus Sliepen
a07602c4fd
- No more %as.
2000-11-22 19:55:53 +00:00
Guus Sliepen
f8b4a000d0
- Cleaned up and checked for some more NULL pointers in rbl.c
- Two connection lists: one for incoming connections, sorted on ip/port,
one for connections whose identity we know, sorted on id of course...
2000-11-22 18:54:08 +00:00
Guus Sliepen
408ca91766
- Integrate rbl trees into tinc.
2000-11-20 19:12:17 +00:00
Guus Sliepen
e118ba0a64
Porting to FreeBSD:
- Reorganized and added some #includes
2000-11-15 13:33:27 +00:00
Ivo Timmermans
bb2495e569
Use the HAVE_OPENSSL_xxx_H defined from m4/openssl.m4 during
configure.
2000-11-15 01:06:13 +00:00
Guus Sliepen
7d0f82bd4b
- Open UDP connection for all known hosts. Comments please.
2000-11-07 22:02:14 +00:00
Guus Sliepen
698191fd2f
- Prepended config_ to all configuration option names, because it confused
everything (including myself).
- Use connection oriented UDP sockets for both incoming and outgoing
packets.
2000-11-04 22:57:33 +00:00
Guus Sliepen
afc0579707
- Simplified ping mechanism.
2000-11-04 20:44:28 +00:00
Guus Sliepen
ac47586552
- Forward keys in hex notation, not as binary data.
2000-11-04 16:54:21 +00:00
Guus Sliepen
3f8f067e8b
- Don't forget to set packet cipher for added hosts.
2000-11-04 16:39:19 +00:00
Ivo Timmermans
5065ea32c3
Warnings removal pass: always include config.h first; add a few
prototypes in the header files.
This also fixes a few lint errors/warnings.
2000-11-03 22:35:12 +00:00
Guus Sliepen
b7d4d4c177
- Finishing touch: encrypt the meta connections
2000-10-29 22:55:15 +00:00
Guus Sliepen
ec12269355
- Use CFB mode for encrypting packets: it works and we don't need padding.
2000-10-29 22:10:44 +00:00
Guus Sliepen
cea3d8f305
- Small fixes
- Do proper key exchange
- Encrypt packets - it works, but there is something wrong with the MAC
header after decryption...
2000-10-29 10:39:08 +00:00
Guus Sliepen
8fa9bc017d
- Removed old encr stuff
2000-10-29 09:19:27 +00:00
Guus Sliepen
2689690dc3
- Enforce correct order of authentication requests
2000-10-29 01:08:09 +00:00
Guus Sliepen
7398002ade
- Fixed ans_key_h
- Removed tapsubnet configuration option.
2000-10-29 00:24:31 +00:00
Guus Sliepen
35932fe6c8
- Very big cleanup.
2000-10-29 00:02:20 +00:00
Guus Sliepen
f25868fd2b
- Lots of small fixes
- Exchange subnets on acknowledgement of connection
- Do proper lookup when incoming packets from tap
- off-by-a small number-error when reading/sending tap packets
2000-10-28 21:05:20 +00:00
Guus Sliepen
9c2f805255
- Lots of little stuff modified
- Successfully reads in subnets from host config file now and adds them to
the list.
2000-10-24 15:46:18 +00:00
Guus Sliepen
52b842f807
- Fixed all debug levels.
- Seed PRNG before generating a challenge
- Strange thing in challenge decryption: it fails if first bit is set!?
2000-10-21 11:52:08 +00:00
Guus Sliepen
9f64499e40
- tinc now really does public/private key encryption! It even works, whee!
2000-10-20 15:34:38 +00:00
Guus Sliepen
20301888b7
- More fixing. Tinc daemons can now even create activated connections.
2000-10-16 19:04:47 +00:00
Guus Sliepen
bb3d18d56f
- Fixing little things
- Two tinc daemons can connect to each other now (but they disconnect right
after the ACKs).
2000-10-16 16:33:30 +00:00
Guus Sliepen
85adeef212
- The daemon actually runs now (somewhat)
- Added support for tun/tap driver (autodetect!)
- More sophisticated checkpoint functionality
- Updated Dutch translation
2000-10-15 00:59:37 +00:00
Guus Sliepen
e9635ae38e
- Second fixing-things pass: it even links now.
- Lots of FIXME comments added to the source code.
2000-10-14 17:04:16 +00:00
Guus Sliepen
183a8edd22
- Fixing-things pass: every source file compiles into an object file now,
but linking tincd does not work yet (must link with openssl libs and
define some missing functions).
2000-10-11 22:01:02 +00:00
Guus Sliepen
6e39481d8f
- Generalized config file parsing to support multiple configuration trees.
2000-10-11 13:42:52 +00:00
Guus Sliepen
c78a204f06
- Added meta.c which contains functions to send, receive and broadcast
metadata. It will also handle encryption and decryption, and possibly
compression and checksumming.
- Moved request dispatcher to protocol.c.
2000-09-26 14:06:11 +00:00
Guus Sliepen
361690b18c
- Removed options "string" stuff. It was a bad idea...
- free() everything that is allocated.
2000-09-22 16:20:07 +00:00
Guus Sliepen
5afc1e98f4
- Severe code reduction and simplification of challenge requests
- "Finished" [add|del]_subnet_h
- Added lots of sanity checks to [add|del]_host_h
2000-09-22 15:06:28 +00:00
Guus Sliepen
5d0b3516d5
- Updated authentication scheme.
- Removed all trailing spaces from all lines.
- Added things to add_ and del_subnet_h.
2000-09-17 21:42:05 +00:00
Ivo Timmermans
7f3ab38c22
Second round of fixes
2000-09-15 12:58:40 +00:00
Ivo Timmermans
ed397b6ac6
First round of needed fixes after the overhaul
2000-09-14 21:51:21 +00:00
Guus Sliepen
c04c84c980
- Lots of small changes.
2000-09-14 11:54:51 +00:00
Guus Sliepen
9c75350ac6
- Fixed modulo in keylength check
- Updated header file to reflect new protocol code
2000-09-11 10:05:35 +00:00
Guus Sliepen
76b5f255c6
- Some key exchange stuff. (Last commit before going to bed.)
2000-09-10 23:11:37 +00:00
Guus Sliepen
675ed08a71
- Lots of functions added for the new protocol.
2000-09-10 22:49:46 +00:00
Guus Sliepen
6b9ec9ed1e
- Added more function skeletons for the new protocol.
2000-09-10 16:15:35 +00:00
Guus Sliepen
28cc301595
- New protocol. Will break everything else for now.
2000-09-10 15:18:03 +00:00
Guus Sliepen
3cfc9424f2
- Moved TCP packet reception to meta handler: less kludgy and less buggy!
2000-08-08 17:07:48 +00:00
Guus Sliepen
ff87f385c3
Removed calling add_queue for tcponly packets.
2000-08-08 13:47:57 +00:00
Guus Sliepen
ac73c72488
Fixed PACKET read loop.
2000-08-08 08:48:50 +00:00
Guus Sliepen
b6997b0050
- Lots o' buglets fixed (-Wall helps)
- Made TCPonly work :)
2000-08-07 16:27:29 +00:00
Guus Sliepen
fdc6a2f106
- Added experimental hackish tunneling-over-TCP support.
Just use TCPonly = true in the configuration file.
2000-08-07 14:52:16 +00:00
Guus Sliepen
1a1ebefd57
- Made tinc even more silent if no -d flag is given at all.
2000-06-30 21:03:51 +00:00
Guus Sliepen
c5737583c8
- Instead of logging an error when remote end closes the connection,
we print a nice message if appropriate debug level is set.
- If we get ADD_HOSTs or DEL_HOSTs for ourself, then connection lists
are really messed up. We restart, and hope our problems go away.
2000-06-30 12:41:06 +00:00
Guus Sliepen
0f9ad1f047
- Fixed memory leak.
- Implemented SIGHUP configuration file reloading.
- Other small changes.
2000-06-29 19:47:04 +00:00
Guus Sliepen
18c85caac3
- New semantics for BASIC_INFO, ADD_HOST and DEL_HOST requests. This will
improve connection list consistency, ensures the tree property, and
allows for recovery from situations where track of connections is lost.
2000-06-29 17:09:08 +00:00
Guus Sliepen
e8e7379311
- Removed all IP_ADDR_S macros, because gettext doesn't like them. Each
connection now has two hostnames: real_hostname (replacing the old),
and vpn_hostname. In those places where hostnames really aren't useful
IP_ADDR_S has been replaced by %d.%d.%d.%d.
2000-06-29 13:04:15 +00:00
Guus Sliepen
8c6c60adf3
- Fixed a message in nl.po
- Woops, we forgot to send our connection list to our uplink when we
connect to it... Fixed.
2000-06-28 13:41:02 +00:00
Guus Sliepen
ea40d3f1a0
- Fixed some spelling errors.
- Fixed a few spelling mistakes, and brought the Dutch translation up to
date again.
2000-06-28 11:38:01 +00:00
Guus Sliepen
070ad08118
- Purge old connections that are ADD_HOSTed.
2000-06-27 20:55:12 +00:00
Guus Sliepen
4aeaea5e59
- Improved handling of errors on connection attempts.
2000-06-27 20:10:48 +00:00
Guus Sliepen
4faed1b854
- Fixed KEY_CHANGED notification. A lot of notify_others() calls were
wrong (first two arguments swapped). Should probably be double-checked.
- Don't retry to connect to hosts with different protocol versions.
2000-06-27 12:58:04 +00:00
Guus Sliepen
04cb206298
- Moved all connection messages to debug level 1, without -d's only the
startup message will be logged.
- Fixed DEL_HOST rebound.
2000-06-26 20:30:21 +00:00
Guus Sliepen
783c829861
- Indirectdata finally REALLY REALLY works now!
- More precise debug messages
2000-06-26 19:39:34 +00:00
Guus Sliepen
b3681ebf6c
Fixes some hostlookups. Fixes indirectdata for real now (hopefully).
2000-06-26 17:20:58 +00:00
Guus Sliepen
a473ece8a0
- More verbose connection list
- Added "myself" as hostname when logging indirect ADD_HOSTs
2000-06-25 16:39:17 +00:00
Guus Sliepen
f1f901112e
Hostlookup() is actually being called now.
2000-06-25 16:20:27 +00:00
Guus Sliepen
54079bdf03
Hostnames are back!
2000-06-25 16:01:12 +00:00
Guus Sliepen
e4b586ed07
- Log possible spoofing attacks.
- Don't broadcast DEL_HOSTs for hosts that haven't been activated yet.
- If a host sends a TERMREQ, deactivate them.
2000-06-25 15:45:09 +00:00
Guus Sliepen
7f7e158aae
Large cleanup:
- Removed hostname lookup (it blocks, and you can always do it yourself)
- Reorganized debug levels (after hints from Axel Müller):
0 Startup message and errors
1 Connection logging
2 Meta protocol information
3 Verbose meta protocol (includes copy of transmitted requests)
4 Packet information (logs transmission/errors of UDP packets)
5 Verbose packet information (every single byte, not implemented yet
to protect ourselves from filling up /var/log directories)
- Made log messages more consistent
2000-06-25 15:16:12 +00:00
Guus Sliepen
d8e2f7104c
First step for implementation of the "indirectdata" directive. This should
allow _leaf_ tincds to be behind firewalls.
The protocol has changed and is INCOMPATIBLE with previous versions. The
PROT_CURRENT value has been incremented.
2000-06-23 19:27:03 +00:00
Ivo Timmermans
17fa07510a
Only accept an ADD_HOST request for a host that already exists in our conn_list if the nexthop field matches the sender. This is a workaround for older clients.
2000-05-30 21:36:16 +00:00
Guus Sliepen
a7ad161d2b
Only activate a connection upon receiving its public key if it's an
incoming connection. When it's outgoing, we need to receive an ack first.
2000-05-29 23:40:05 +00:00
Ivo Timmermans
9fd02ffcb0
Internationalization of tinc.
2000-05-29 21:01:26 +00:00
Guus Sliepen
61e71ab74a
Terminate a connection on any error. Furthermore, disallow del_host,
add_host and other important requests until remote host has properly
authenticated itself.
2000-05-27 20:23:01 +00:00
Guus Sliepen
028659bfbf
Fixed typos. When terminating a connection, its status is not only set to
remove=1 but also active=0.
2000-05-27 19:23:20 +00:00
Guus Sliepen
e4ff969a98
Fix for a DoS attack:
A remote user could telnet to the tinc daemon and type only this line:
61 6 00000000/00000000:28f
This would deny any packets to be sent to other tinc networks (except
for to the hosts that run tincd's themselves). Solution is to skip
hosts in lookup_conn() that have not been activated yet.
Fixed potential conn_list table corruption:
If a new connection is accepted but a connection with the same subnet
would already exist in the connection list, the OLD connection is
terminated.
2000-05-27 19:04:12 +00:00
Ivo Timmermans
de09916ead
Only print an error with send_termreq if debug_lvl is 2 or more.
2000-05-14 13:50:10 +00:00
Guus Sliepen
ee96ccabbb
Cleanups.
2000-05-14 12:22:42 +00:00
Ivo Timmermans
74b0cbecce
Include sys/types.h.
2000-05-04 23:17:02 +00:00
Guus Sliepen
7853247523
Fixes typo and UDP network byte order.
2000-05-03 17:59:07 +00:00
Guus Sliepen
89610e3fba
Replaced sprintf() by safer snprintf(), removed possible buffer overflow
by one byte.
2000-05-02 10:16:50 +00:00
Guus Sliepen
aeccaca829
Previous fix fixed. Meta protocol should be really flawless from now on!
2000-05-02 09:55:34 +00:00
Ivo Timmermans
a9247e6f2c
Fixed meta protocol.
2000-05-01 21:31:59 +00:00
Guus Sliepen
ca6abd41ea
Meta protocol overhaul. Tinc is now incompatible with previous versions,
furthermore this version does NOT work yet because of a problem with
sending keys (these should be converted to base36 or something like that).
It is possible to telnet to the tinc daemon now and type some commands
by hand though :).
2000-05-01 18:07:12 +00:00
Ivo Timmermans
33cfdf43f4
Key forwarding, write one byte extra.
2000-04-30 20:48:48 +00:00
Ivo Timmermans
75d351eaf1
Protocol fix (ANS_KEY). This breaks 0.3.3 protocol compatibility.
2000-04-30 19:49:49 +00:00
Ivo Timmermans
b4290c3f43
Send one less byte from an ANS_KEY request.
2000-04-30 19:03:00 +00:00
Ivo Timmermans
d878230ebe
Read one less byte from an ANS_KEY request.
2000-04-30 18:57:16 +00:00
Ivo Timmermans
789a4c4f40
Removed debug messages.
2000-04-30 16:34:31 +00:00
Ivo Timmermans
eb1c9814e6
Read public keys the right way (tm).
2000-04-30 16:31:23 +00:00
Ivo Timmermans
ca73b722cb
New way of handling the meta protocol.
2000-04-30 16:11:05 +00:00
Ivo Timmermans
1c007c0627
Got rid of the nasty hacks... and replaced it by another one.
2000-04-30 01:15:47 +00:00
Ivo Timmermans
c027459914
Filled up the protocol structs with unused bytes.
2000-04-29 20:39:36 +00:00
Guus Sliepen
44f9449888
Cleanups:
- Changed recv/send calls into read/write calls for streams
- Made all sizeof() functions use a variable name instead of type
2000-04-26 17:42:55 +00:00
Guus Sliepen
3a33568652
Added checkpoints to beginning and ending of every function.
2000-04-25 18:57:23 +00:00
Guus Sliepen
16d581be68
Bug found! Wrong pointer was used for handling multiple ADD_HOST requests
at once. (See line 606.)
2000-04-24 09:39:50 +00:00
Guus Sliepen
f6802d349d
Added extra checks for desynchronized connection lists. Hopefully this will
fix those strange segmentation faults.
2000-04-24 08:32:57 +00:00
Ivo Timmermans
1243156a5e
Initial revision
2000-03-26 00:33:07 +00:00